<?php
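// Admin-only endpoint: adds $_POST['bidnum'] to the balance of the user named
// in $_POST['username'] and answers with a JSON object. The object always has
// a 'success' key and has an 'errors' key on failure.
//
// NOTE(review): this state-changing request is authorised by the session
// alone; no anti-CSRF token is checked anywhere in this script. Confirm that
// the calling page or a front controller enforces one.
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0. When this code is
// migrated, move to mysqli or PDO prepared statements rather than escaping.
session_start();

// Strict comparison: with ==, a session value of boolean true would also
// compare equal to "admin".
if (empty($_SESSION['username']) || $_SESSION['username'] !== "admin") {
	die(json_encode(array(
			'success' => false,
			'errors' => 'Not authorized'
	)));
}

// Reject missing values and array-shaped parameters (username[]=...), which
// would otherwise reach the escaping function and the integer cast.
if (empty($_POST['username']) || empty($_POST['bidnum'])
		|| ! is_string($_POST['username']) || ! is_scalar($_POST['bidnum'])) {
	die(json_encode(array(
			'success' => false,
			'errors' => 'Missing or invalid username or bidnum'
	)));
}

// The integer cast keeps the amount safe to concatenate into the statement.
// NOTE(review): negative amounts pass this cast and would debit the account;
// confirm whether that is intended for this endpoint.
$bidnum = (int) $_POST['bidnum'];

// Presumably defines $host, $username and $password for the database; verify
// against pages/config.php.
include_once '../../../pages/config.php';

$connection = mysql_connect($host, $username, $password);
if (! $connection) {
	// Driver detail goes to the server log, not to the HTTP client.
	error_log('balance update: mysql_connect failed: ' . mysql_error());
	die(json_encode(array(
			'success' => false,
			'errors' => "could not connect to MySql"
	)));
}

if (! mysql_select_db("mydb", $connection)) {
	error_log('balance update: mysql_select_db failed: ' . mysql_error($connection));
	die(json_encode(array(
			'success' => false,
			'errors' => "could not connect to MySql"
	)));
}

// Escape with the connection's character set in mind; addslashes() does not
// know the connection charset and is not a SQL escaping function.
$user = mysql_real_escape_string($_POST['username'], $connection);

$query = "UPDATE User SET balance = balance + " . $bidnum . " WHERE username = '" . $user . "'";

$result = mysql_query($query, $connection);

if (! $result) {
	error_log('balance update: query failed: ' . mysql_error($connection));
	die(json_encode(array(
			'success' => false,
			'errors' => 'Query not successful '
	)));
}

// mysql_query() returns true, not a result resource, for UPDATE, so
// mysql_num_rows() cannot be used here; mysql_affected_rows() reports how
// many rows the statement changed (-1 on error).
$affected = mysql_affected_rows($connection);

if ($affected > 0) {
	die(json_encode(array(
			'success' => true,
	)));
}

// No row changed: unknown username, or the balance was left unchanged.
die(json_encode(array(
		'success' => false,
		'errors' => 'No balance was updated'
)));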